Some analytics companies are encouraging retailers to go all-in on facial recognition and biometric data, while others are pursuing a more privacy-conscious path. How can small businesses choose? This post originally appeared on Inc.com.

Imagine owning a store and knowing everything about your customers from the moment they walk in: ages, genders, moods, information from their social media profiles. It seems like something out of Minority Report.

This data can be invaluable to retailers, who can use it to target their core demographics in real time and sell it to brands or other third parties. It’s a large part of why the video analytics market grew to $1.69 billion in 2016 and is expected to surpass $4 billion by 2021, according to a report last year by research firm MarketsandMarkets.

That doesn’t necessarily mean it’s the best option for small- and medium-sized businesses: Some in the industry are moving away from demographic and biometric data. Whether that’s in the name of privacy protection or due to fear of customer backlash, the end result is the same. So how do small retailers decide whether this type of data collection is worth pursuing? It starts with understanding its benefits and drawbacks.

A more personalized future

Some video analytics companies are going all-in on demographic data collection. San Jose, California-based RetailNext, for example, uses video to track consumer age and gender. Countbox, which was founded in Moscow in 2008 and now operates across Europe and North America, uses “demographic sensors”–essentially, video cameras with on-board cloud computing software–to discern store visitors’ age, gender, ethnicity, and even mood.

Countbox co-founder and CIO Andrey Stryukov says the technology will become more personalized over the next decade. “It’s not a very hard task to match the face of a person who enters the store to a database of faces,” Stryukov says. “In the future, who knows? Facebook may … do something in-house like that or may allow a company like ours to access their faces database.”

Indeed, the burden of preventing overstepping lies with private companies like Facebook rather than the federal government. Illinois and Texas have laws against excessive biometric data collection, and other states have proposed similar legislation in recent months, but the Federal Trade Commission–the primary agency that handles federal prosecution of businesses–can’t go after companies for it. The FTC can prosecute businesses for deceptive acts and practices, such as if a company offers an opt-out policy but never actually removes those who opt out from the system. (That’s exactly what happened to analytics company Nomi Technologies in 2015.) Still, there’s an easy way around that: Opt-in and opt-out agreements, while best practices, are not required by federal law.

Analytics companies that neglect to alert their customers or intentionally avoid doing so, however, should be ready for significant backlash.